Java.nio频道和TLS [英] Java.nio Channels and TLS

问题描述

如何保护Java SocketChannel ， ServerSocketChannel ，或者甚至是 DatagramChannel 使用TLS？

How do I secure a Java SocketChannel, ServerSocketChannel or, perhaps even, a DatagramChannel with TLS?

我知道有一些框架（＃1 ＃2 ）宣传能够，但我想知道是否可以单独使用纯Java标准库来实现这一目标。

I know that there are some frameworks (#1 #2) that advertise to be able, but I want to know if it is possible to achieve this with the pure Java standard library alone.

推荐答案

你需要使用 SSLEngine ，如使用SSLEngine进行非阻塞I / O 。您提到的库使用它或使用使用它的库。

You need to use the SSLEngine, as documented in Non-blocking I/O with SSLEngine. The libraries you mention use it or use libraries that use it.

（请注意，这是非常难以使用的。）

(Note that this is notoriously difficult to use.)

您可能会发现这些链接很有趣：

You may find these links interesting:

• 此答案（其中还包含书籍章节的链接）。


• 来自Jean-FrançoisArcand的笔记实施了它在 Grizzly 。


• 一个示例您可以通过异步SSL / TLS获得的问题类型。


• 获取熟悉这些这个问题中提到的问题也应该是相关的（特别是如何在异步模式下处理它们） 。


• 简单框架也支持异步SSL / TLS。

• This answer (which also contains a link to a book chapter).
• Notes from Jean-François Arcand who implemented it in Grizzly.
• An example of the type of problems you can get with asynchronous SSL/TLS.
• Getting familiar with the problems mentioned in these this question should also be relevant (in particular, how to deal with them in async mode).
• The Simple Framework also has support for async SSL/TLS.

对于数据报，你应该考虑使用 DTLS 而不是TLS。我不确定它在Java中的实现状态，但你可以深入研究 java.openjdk.security.devel 邮件列表的档案。

For Datagrams, you should look into using DTLS instead of TLS. I'm not sure of its implementation status in Java, but you could dig through the archives of the java.openjdk.security.devel mailing list.

这篇关于Java.nio频道和TLS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！